And now…the rest of the story

Here’s the story:

So, there I was, checking to see if any new posts were on the site, and man, the login page looked pretty weird. Strange. Then the admin page for the site was also pretty screwed up: weird layout, missing pictures, missing buttons, etc.

What could it be? Did I screw something up? Was it the fault of my ISP? Hmmm…

Anyway, I replaced a few files from a backup I had (a few .php files were oddly only 200 bytes, BYTES, mind you, not KB) and all SEEMED well.

So, forgive my being busy, I thought all was well, and even my STUPID CHEAP anti-virus program (more on that later) wasn’t really raising any red flags, so…hmmm.

Then after a day or so, Randy, bless you, sir, sent me email reporting that there was indeed a virus trying to be loaded from my page.

Oh.

Crap.

A more in-depth perusal of things revealed that somehow, somehow, (more later), every folder had a new index.html inserted into it, and almost all the .php pages were changed. (And obfuscated, so I couldn’t clean them up…clever, clever, hackers. Not.)

So, yes. Every folder on the site had been infected, along with all the header and footer php pages. A quick search revealed that there was an “IFrame” embedded in them all which, when loaded, tried to redirect the browser to some scammer shit site. Happy Happy Joy Joy.

The clean up was fairly easy: Just download and replace the corrupted files. But how did this happen? I got a copy of the FTP logs and it was my work IP that was recorded as the “sinner” that uploaded the pages. (I thought I could blame WordPress for this, but the infiltration was much more comprehensive than that…I mean, EVERY folder on the site, even old, forgotten non-WordPress folders were infected…)

To make a long story short…I’m guessing that, as mentioned before, the fact that FileZilla, by default (!!!), saved FTP user names and passwords in CLEAR TEXT on the computer may have had something to do with it. Who knows…the Internet is truly the Wild, Wild West.

So a quick change of the FTP password, a cleanup of ALL infected files, and all seems well.

A HUGE thank you to Randy for bringing this to my attention. Yes, I would have noticed eventually (real life and all), but who knows how much damage could have been done.

With that in mind, I end this post with a humble request: Please, do not hesitate to contact me if something seems strange on this site. (Besides my reviews, of course.)

It will take much, much more than gutless hackers to bring down this site.

I promise!
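
The signs described in the post (.php files shrunk to a couple of hundred bytes, and an iframe injected into index.html and header/footer pages) can be checked for across a whole web root. This is an added example, not part of the original post; the 512-byte threshold, the file names and the sample tree are constructed assumptions.

```python
import os
import re
import tempfile

IFRAME_RE = re.compile(rb"<\s*iframe\b", re.IGNORECASE)  # opening iframe tag, any case
WEB_EXTS = (".php", ".html", ".htm")
TINY_PHP_BYTES = 512  # assumption: low enough to catch ~200-byte stubs

def scan_webroot(root, tiny_php_bytes=TINY_PHP_BYTES):
    """Return a sorted list of (relative_path, reason) findings under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(WEB_EXTS):
                continue
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            try:
                size = os.path.getsize(path)
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError as exc:
                findings.append((rel, f"unreadable: {exc.strerror}"))
                continue
            if name.lower().endswith(".php") and size < tiny_php_bytes:
                findings.append((rel, f"tiny php file ({size} bytes)"))
            if IFRAME_RE.search(data):
                findings.append((rel, "contains iframe tag"))
    return sorted(findings)

def build_sample_site(root):
    """Constructed sample tree: one clean page, one stub, one injected index.html."""
    os.makedirs(os.path.join(root, "old"))
    clean = "<?php\n" + "// template code\n" * 60 + "echo 'hello';\n"
    samples = {
        "header.php": clean,
        "footer.php": "<?php /* stub */ ?>",
        "old/index.html": '<html><IFRAME src="http://placeholder.invalid/" width=0></iframe></html>',
    }
    for rel, body in samples.items():
        with open(os.path.join(root, rel), "w") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as site:
        build_sample_site(site)
        for rel, reason in scan_webroot(site):
            print(f"{rel}: {reason}")
```

Legitimate pages can contain iframes too (video embeds, for example), so each hit is something to compare against a known-good backup rather than proof of tampering.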

8 comments to And now…the rest of the story

  • guts3d

    We can take up a collection to buy a quality a/v solution, which one do you want? I’ll be happy to Paypal some $$$ or even mail you a check to help out.

  • Thanks for your generosity, but it’s under control. My solution is to have only 1 computer that I FTP from (home) and that computer is running the latest AV software along with NEVER saving FTP password in the FTP client “site manager” even if it is supposed to be encrypted. So far, so good. So I think it’s going to be ok. 🙂

  • guts3d

    Good thinking!

  • I actually got off pretty easy considering that I just had to upload a new copy of the WordPress software and delete a bunch of corrupt html files. The database was fine, so that was good. It’s just all such a pointless waste of time. Damn the hackers! (cue evil laughter and thunder bolts)

  • guts3d

    Sic Tor Johnson on them! Make them uncredited extras on an Ed Wood low budget quickie!

  • Just glad the site’s up and running again, and really enjoying the They Saved Hitler’s Brain review which led me to the infamous The Frozen Dead which is my favorite Nazi/disembodied head movie of all time. 🙂

    Randy

  • Glad you like the Hitler’s Brain review. It’s really actually a very dull movie for the first hour or so; then it goes completely bonkers with the head and all. Too bad it didn’t play a bigger role in the picture…like I mentioned in the review: It just glowered in its jar and yelled “Macht Schnell!” a few times before melting in a fire. ho hum.

  • guts3d

    Doesn’t Macht Schnell mean “very quickly”? What an odd thing for a dis-embodied (non-corporeal) megalomaniac to say!
